2.5.25

2.5.24

Fix: On multisite, admin_url forced current blog URL’s over http even when the current blog was loaded over https. This will now only force http for other blog_urls than the current one, when they are on http and not https.

2.5.23

Tested up to WP 4.9

Added secure cookie notice

2.5.22

Changed mixed content fixer hook back from wp_print_footer_scripts to shutdown

2.5.21

Fixed double slash in paths to files

Fixed typo in activation notice.

Tweak: added option to not flush the rewrite rules

Fix: prevent forcing admin_url to http when FORCE_SSL_ADMIN is defined

2.3.5

2.3.4

Start detection and configuration only for users with “manage_options” capability

2.3.3

Fixed bug in force-deactivate script

2.3.2

Changed SSL detection so test page is only needed when not currently on SSL.

Some minor bug fixes.

2.3.1

Removed “activate ssl” option when no ssl is detected.

Optimized emptying of cache

Fixed some bugs in deactivation and activation of multisite

2.3.0

Gave more control over activation process by explicitly asking to enable SSL.

Added a notice if .htaccess is not writable

2.2.20

Fixed a bug in SSL detection

2.2.19

Changed followlocation in curl to an alternative method, as this gives issues when safemode or open_basedir is enabled.
Added dismissable message when redirects cannot be inserted in the .htaccess

2.2.18

Fixed bug in logging of curl detection

2.2.17

Security fixes in ssl-test-page.php

2.2.16

Bugfix with of insecure content fixer.

2.2.13

Added a check if the mixed content fixer is functioning on the front end
Fixed a bug where multisite per_site_activation variable wasn’t stored networkwide
Added clearing of wp_rocket cache thans to Greg for suggesting this
Added filter so you can remove the really simple ssl comment
Fixed a bug in the output buffer usage, which resolves several issues.
Added code so JetPack will run smoothly on SSL as well, thanks to Konstantin for suggesting this

2.2.12

To prevent lockouts, it is no longer possible to activate plugin when wp-config.php is not writable. In case of loadbalancers, activating ssl without adding the necessary fix in the wp-config would cause a redirect loop which would lock you out of the admin.

Moved redirect above the WordPress rewrite rules in the htaccess file.

Added an option to disable the fallback javascript redirection to https.

2.2.11

Brand new content fixer, which fixes all links on in the source of your website.

2.2.10

Roll back of mixed content fixer.

2.2.9

Improved the mixed content fixer. Faster and more effective.

2.2.8

Edited the wpconfig define check to prevent warnings when none are needed.

2.2.7

Extended detection of homeurl and siteurl constants in wp-config.php with regex to allow for spaces in code.